Commit c436c990 authored by David Woodhouse, committed by Rich Salz

RT4175: Fix PKCS7_verify() regression with Authenticode signatures

This is a partial revert of commit c8491de3 ("GH354: Memory leak fixes"),
which was cherry-picked from commit 55500ea7 in OpenSSL 1.1.

That commit introduced a change in behaviour which is a regression for
software implementing Microsoft Authenticode — which requires a PKCS#7
signature to be validated against explicit external data, even though
it's a non-detached signature with its own embedded data.

This is fixed differently in OpenSSL 1.1 by commit 6b2ebe43 ("Add
PKCS7_NO_DUAL_CONTENT flag"), but that approach isn't viable in the
1.0.2 stable branch, so just comment the offending check back out again.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
parent f78baa9d